Set up access to and from the Internet

Set up access to and from the Internet

You can configure access to and from the Internet for the cloud server, cloud load balancer, and cloud database cluster:

• through a public IP address. To filter incoming traffic, you will be able to use a cloud firewall и security groups;
• through a public subnet. To filter incoming traffic, you will be able to use security groups.

If your device only needs internet access without access from the internet, you can set it up through a cloud router.

Set up access to and from the Internet via a public IP address⁠

To configure Internet access to and from the Internet for devices on the private subnet, you need to connect the subnet to a cloud router with access to the external network and connect a public IP address to the device. The cloud router acts as a 1:1 NAT via the external IP address that is allocated when the router is connected to the external network: it organizes access to the Internet from the private subnet and processes incoming traffic packets for the public IP addresses.

You can connect a public IP address when creating a cloud server, creating a cloud load balancer, creating a cloud database cluster (example for PostgreSQL), and after creation.

The device must be on a private subnet or a global router subnet that meets the requirements. To prepare the subnet, use the instructions Prepare a private subnet to connect a public IP address.

1. Create a public IP address.
2. Create a cloud router with a connection to an external network.
3. Connect the private subnet to the cloud router.
4. Connect a public IP address to a device port on the private subnet.

1. Create a public IP address⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public IP Addresses tab.
3. Click Create IP Address.
4. Select the pool where the public IP address will be created.
5. Specify the number of public IP addresses — 1.
6. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a public IP address:

   openstack floating ip create external-network

2. Create a cloud router with connection to an external network⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Cloud routers tab.
3. Click Create router.
4. Select the pool where the cloud router will be created.
5. Enter the name of the router.
6. Check the box Connect router to external network — an external IP address will be assigned to the router.
7. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a cloud router:

   openstack router create <router_name>

   Specify <router_name> — the name of the cloud router..

3. Connect the cloud router to an external network — an external IP address will be assigned to the router:

   openstack router set --external-gateway external-network <router>

   Specify <router> — Cloud router ID or name, can be viewed using the openstack rou ter list command

3. Connect the subnet to the cloud router⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.

2. Go to Network → Cloud routers tab.

3. Open the router card.

4. Click Add Subnet.

5. Select a private subnet or a global router subnet.

6. Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → Private Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.

   If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the .253 and .254 service addresses.

7. Click Add Subnet.

OpenStack CLI

1. Open the OpenStack CLI.

2. Connect the subnet to the cloud router:

   openstack router add subnet <router> <subnet>

   Specify:

   • <router> — The ID or name of the cloud router can be viewed with the command openstack router list;
   • <subnet> — The ID or name of a private subnet can be viewed with the command openstack subnet list.

4. Connect a public IP address to a device port on a private subnet⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Private Networks tab.
3. Open the Network page → Ports tab.
4. In the port card of the cloud server or load balancer, click Connect Public IP.
5. Select a public IP address.
6. Click Connect.

OpenStack CLI

1. Open the OpenStack CLI.

2. Connect a public IP address to the port:

   openstack floating ip set --port <port> <public_ip_address>

   Specify:

   • <port> — The port ID of a cloud server or load balancer can be viewed with the command openstack port list;
   • <public_ip_address> -ID or public IP address, can be viewed with the command openstack floating ip list.

Configure access to and from the Internet via a public subnet⁠

To configure access to and from the Internet via a public subnet, you must connect the device to the public subnet. For a load balancer and cloud database cluster, this can be done only when creating the load balancer and creating the cluster (example for PostgreSQL). Cloud server can be connected to the public subnet either when the server is created or after it is created — to do this, you need to add the cloud server to the public subnet via port.

1. Create a public subnet.
2. Add the cloud server to the public subnet via port.

1. Create a public subnet⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public Networks tab.
3. Click Create Subnet.
4. Select the pool where the public subnet will be created.
5. Select the subnet size — the range of IP addresses available on the subnet.
6. Optional: To change the DNS servers, click . Enter one to three values. Click .
7. Click Create.

2. Add the cloud server to the public subnet via port⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Open the server page → Ports tab.
3. Click Add Port.
4. Select a public subnet.
5. Enter the IP address of the port.
6. Click Add Port.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a port on the public subnet:

   openstack port create \
     --network <subnet> \
     --fixed-ip subnet=<subnet>,ip-address=<port_ip_address> \
     <port_name>

   Specify:

   • <subnet> — The ID or name of the public subnet can be viewed with the command openstack network list;
   • <port_ip_address> — The IP address of the port;
   • <port_name> — port name.

3. Add a port to the cloud server:

   openstack server add port <server> <port>

   Specify:

   • <server> — The ID or name of the cloud server can be viewed with the command openstack server list;
   • <port> — The port ID or name can be viewed with the command openstack port list.

Set up internet access via cloud router⁠

You can configure Internet access for devices on a private subnet without external access from the Internet.

To do this, connect a cloud router with external network access to the private subnet or global router subnet where the device resides. If the cloud router is connected to an external network, it acts as a 1:1 NAT for access from the private network to the Internet via the router's external IP address. The external address is only used to access the Internet from the device, it cannot be used to connect to devices on the subnet.

1. Create a cloud router with a connection to an external network.
2. Connect the private subnet to the cloud router.

1. Create a cloud router with a connection to an external network⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Cloud routers tab.
3. Click Create router.
4. Select the pool where the cloud router will be created.
5. Enter the name of the router.
6. Check the box Connect router to external network — an external IP address will be assigned to the router.
7. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a cloud router:

   openstack router create <router_name>

   Specify <router_name> — the name of the cloud router..

3. Connect the cloud router to an external network — an external IP address will be assigned to the router:

   openstack router set --external-gateway external-network <router>

   Specify <router> — Cloud router ID or name, can be viewed using the openstack rou ter list command

2. Connect the subnet to the cloud router⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.

2. Go to Network → Cloud routers tab.

3. Open the router card.

4. Click Add Subnet.

5. Select a private subnet or a global router subnet.

6. Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → Private Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.

   If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the .253 and .254 service addresses.

7. Click Add Subnet.

OpenStack CLI

1. Open the OpenStack CLI.

2. Connect the subnet to the cloud router:

   openstack router add subnet <router> <subnet>

   Specify:

   • <router> — The ID or name of the cloud router can be viewed with the command openstack router list;
   • <subnet> — The ID or name of a private subnet can be viewed with the command openstack subnet list.